You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by "James H. H. Lampert" <ja...@touchtonecorp.com> on 2020/12/22 18:39:52 UTC
Manager setup in Tomcat 8
A few months back, as I recall, I ran into some "gotchas" in connection
with the manager context, while setting up Tomcat 8.5 on one of our AWS
EC2 instances. As I recall, I had to do something special, somthing I
don't have to do with Tomcat 7, in order to make the manager context
reachable from the outside.
Very shortly, I'll be setting up Tomcat 8.5 for the first time on an
AS/400, and like the EC2, it can't exactly browse itself, so it, too,
will need to have the manager context reachable from the outside world.
Can somebody remind me of what it is I had to do, that I don't have to
do for Tomcat 7?
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Manager setup in Tomcat 8
Posted by "James H. H. Lampert" <ja...@touchtonecorp.com>.
On 12/22/20 10:51 AM, Christopher Schultz wrote:
> I would try to lock-down that IP range as much as you can, rather than
> either removing the Valve (which would allow connections from anywhere)
> or specifying something like ".*" in the "allow" attribute (which is a
> regular expression which will be applied to the remote-user's IP
> address, either IPv4 or IPv6 as the case may be).
Dear Mr. Schultz:
Thanks. Very much applicable to the EC2 instance (and I recall doing
just that, although I'd have to look at what I did to recall exactly
how), and to most customer boxes, but not necessarily so much for this
particular customer: they've got everything locked down in the tightest
VPN I've ever seen.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Manager setup in Tomcat 8
Posted by Christopher Schultz <ch...@christopherschultz.net>.
James,
On 12/22/20 13:39, James H. H. Lampert wrote:
> A few months back, as I recall, I ran into some "gotchas" in connection
> with the manager context, while setting up Tomcat 8.5 on one of our AWS
> EC2 instances. As I recall, I had to do something special, somthing I
> don't have to do with Tomcat 7, in order to make the manager context
> reachable from the outside.
>
> Very shortly, I'll be setting up Tomcat 8.5 for the first time on an
> AS/400, and like the EC2, it can't exactly browse itself, so it, too,
> will need to have the manager context reachable from the outside world.
>
> Can somebody remind me of what it is I had to do, that I don't have to
> do for Tomcat 7?
It was probably changing the default RemoteAddrValve to allow non-local
IP addreses. You can find that in the manager's META-INF/context.xml file.
I would try to lock-down that IP range as much as you can, rather than
either removing the Valve (which would allow connections from anywhere)
or specifying something like ".*" in the "allow" attribute (which is a
regular expression which will be applied to the remote-user's IP
address, either IPv4 or IPv6 as the case may be).
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org